Download and burn the entire Cleaves site -
including all attachments and pics - to Disc or Stick.
The burn will result in a browsable ready
resource you can access on or offline
anywhere anytime you wish!
Cyber Warfare: Building Attack Tools for Mass Destruction
by Tom Burghardt via Kismo - Antifascist Calling... Thursday, May 28 2009, 10:25am international /
mass media /
other press
A quintessential hallmark of an authoritarian regime, particularly one that operates within highly-militarized, though nominally democratic states such as ours, is the maintenance of a system of internal control; a seamless panopticon where dissent is equated with criminality and the rule of law derided as a luxury ill-afforded "during a time of war."
In this context, the deployment of new offensive technologies which can wreck havoc on human populations deemed expendable by the state, are always couched in a defensive rhetoric by militarist aggressors and their apologists.
While the al-Qaeda brand may no longer elicit a compelling response in terms of mobilizing the population for new imperial adventures, novel threats--and panics--are required to marshal public support for the upward transfer of wealth into the corporate trough. Today, "cyber terror" functions as the "new Osama."
And with Congress poised to pass the Cybersecurity Act of 2009, an Orwellian bill that would give the president the power to "declare a cybersecurity emergency" and shut down or limit Internet traffic in any "critical" information network "in the interest of national security" of course, the spaces left for the free flow of information--and meaningful dissent--slowly contract.
DARPA--and Cybersecurity Grifters--to the Rescue
But protecting critical infrastructure from hackers, criminals and terrorists isn't the only game in town. The Pentagon is planning to kick-start a new office, Cyber Command, armed with the capacity to launch devastating attacks against any nation or group deemed an official enemy by Washington.
As Antifascist Callingreported last year, the Defense Advanced Research Projects Agency (DARPA), the Pentagon's "geek squad," is building a National Cyber Range (NCR). As Cyber Command's research arm, the agency's Strategic Technology Office (STO) describes NCR as
DARPA's contribution to the new federal Comprehensive National Cyber Initiative (CNCI), providing a "test bed" to produce qualitative and quantitative assessments of the Nation's cyber research and development technologies. Leveraging DARPA's history of cutting-edge research, the NCR will revolutionize the state of the art for large-scale cyber testing. Ultimately, the NCR will provide a revolutionary, safe, fully automated and instrumented environment for our national cyber security research organizations to evaluate leap-ahead research, accelerate technology transition, and enable a place for experimentation of iterative and new research directions. ("National Cyber Range," Defense Advanced Research Projects Agency, Strategic Technology Office, no date)
According to a January 2009 press release, the agency announced that NCR "will accelerate government research and development in high-risk, high-return areas and work in close cooperation with private-sector partners to jump-start technical cyber transformation."
Given the Pentagon's proclivity to frame debates over defense and security-related issues as one of "dominating the adversary" and discovering vulnerabilities that can be "exploited" by war planners, one can hypothesize that NCR is a testing range for the creation of new offensive weapons.
Amongst the "private-sector partners" chosen by the agency to "develop, field, and test new 'leap ahead' concepts and capabilities" are:
BAE Systems, Information and Electronic Systems Integration Inc., Wayne, N.J. ($3,279,634); General Dynamics, Advanced Information Systems, San Antonio, Texas ($1,944,094); Johns Hopkins University Applied Physics Laboratory, Laurel Md. ($7,336,805); Lockheed Martin Corp., Simulation, Training and Support, Orlando, Fla. ($5,369,656); Northrop Grumman, Intelligence, Surveillance and Reconnaissance Systems Division, Columbia, Md. ($344,097); Science Applications International Corp., San Diego, Calif. ($2,821,725); SPARTA, Columbia, Md. ($8,603,617).
While little-known outside the defense and intelligence establishment, SPARTA describes its "core business areas" as "strategic defense and offense systems, tactical weapons systems, space systems." Its security and intelligence brief includes "intelligence production, computer network operations, and information assurance."
Investigative journalist James Bamford wrote in The Shadow Factory that SPARTA "hired Maureen Baginski, the NSA's powerful signals intelligence director, in October 2006, as president of its National Security Systems Sector." According to Bamford, the firm, like others in the netherworld of corporate spying are always on the prowl for intelligence analysts "to pursue access and exploitation of targets of interest."
Given their spooky résumé, information on SPARTA's contracts are hard to come by. Indeed, the firm claims that under Section 508 of the Rehabilitation Act they are exempt from providing the public with information because their products involve "the operation, or use of... intelligence activities... related to national security, command and control of military forces, equipment that is an integral part of a weapon or weapons system, or systems which are critical to the direct fulfillment of military or intelligence missions." How's that for openness and transparency! One can only hazard a guess as to the firm's role in devising DARPA's "leap-ahead" National Cyber Range.
While the initial outlay of defense funds for NCR may appear to be a substantial amount of boodle for enterprising contractors, it is merely a down payment on Phase I of the project. Melissa Hathaway, the Obama administration's director of the Joint Interagency Cyber Task Force said, "I don't believe that this is a single-year or even a multi-year investment--it's a multi-decade approach." Hathaway, a former consultant at the spooky Booz Allen Hamilton corporation, told the Intelligence and National Security Alliance (INSA) in April,
Building toward the architecture of the future requires research and development that focuses on game-changing technologies that could enhance the security, reliability, resilience and trustworthiness of our digital infrastructure. We need to be mindful of how we, government and industry together, can optimize our collective research and development dollars and work together to improve market incentives for secure and resilient hardware and software products, new security innovation, and secure managed services. ("Remarks by Melissa E. Hathaway, Acting Senior Director for Cyberspace for the National Security and Homeland Security Councils," INSA, April 30, 2009)
That Hathaway chose INSA as a forum is hardly surprising. Describing itself as a "non-profit professional association created to improve our nation's security through an alliance of intelligence and national security leaders in the private and public sectors," INSA was created by and for contractors in the heavily-outsourced shadow world of U.S. intelligence. Founded by BAE Systems, Booz Allen Hamilton, Computer Sciences Corporation, General Dynamics, Hewlett-Packard, Lockheed Martin, ManTech International, Microsoft, the Potomac Institute and Science Applications International Corporation, The Washington Postcharacterized INSA as "a gathering place for spies and their business associates."
"Partners" who benefit directly from the launch of DARPA's National Cyber Range. No doubt, Hathaway's remarks are music to the ears of "beltway bandits" who reap hundreds of billions annually to fund taxpayer-fueled "national security priorities." That the Pentagon is richly rewarding INSA-connected firms with documented track records of "misconduct such as contract fraud and environmental, ethics, and labor violations," according to the Project on Government Oversight's (POGO) Federal Contractor Misconduct Database (FCMD) hardly elicits a yawn from Congress.
Among the corporations selected by the agency to construct the National Cyber Range, Lockheed Martin leads the pack in "Misconduct $ since 1995" according to POGO, having been fined $577.2 million (No. 1); Northrop Grumman, $790.4 million (No. 3); General Dynamics, $63.2 million (No. 4); BAE Systems, $1.3 million (No. 6); Science Applications International Corporation (SAIC), $14.5 million (No. 9); Johns Hopkins University, $4.6 million, (No. 81)
But as disturbing as these figures are, representing corporate grifting on a massive scale, equally troubling is the nature of the project itself. As Aviation Weekreports, "Devices to launch and control cyber, electronic and information attacks are being tested and refined by the U.S. military and industry in preparation for moving out of the laboratory and into the warfighter's backpack."
High-Tech Tools for Aggressive War
The American defense establishment is devising tools that can wreck havoc with a keystroke. DARPA is currently designing "future attack devices" that can be deployed across the imperialist "battlespace" by the "non-expert," that is by America's army of robosoldiers. According to Aviation Week, one such device "combines cybersleuthing, technology analysis and tracking of information flow. It then offers suggestions to the operator on how best to mount an attack and, finally, reports on success of the effort."
The heart of this attack device is its ability to tap into satellite communications, voice over Internet, proprietary Scada networks--virtually any wireless network. Scada (supervisory control and data acquisition) is of particular interest since it is used to automatically control processes at high-value targets for terrorists such as nuclear facilities, power grids, waterworks, chemical plants and pipelines. The cyberattack device would test these supposedly inviolate networks for vulnerabilities to wireless penetration. (David A. Fulghum, "Network Attack Weapons Emerge," Aviation Week, May 21, 2009)
As can be expected, the Pentagon's rhetorical mise-en-scène is always a purely "defensive" response to future depredations by nefarious and shadowy forces threatening the heimat. In fact, the United States has systematically employed battlefield tactics that target civilian infrastructure as a means of breaking the enemy's will to fight. Stretching across the decades, from Southeast Asia to Iraq to Yugoslavia, imperialist strategists have committed war crimes by targeting the electrical grid, water supply and transportation- and manufacturing infrastructure of their adversaries.
The NCR will potentially serve as a new and improved means to bring America's rivals to their knees. Imagine the capacity for death and destruction implicit in a tool that can, for example, at the push of a button cause an adversary's chemical plant to suddenly release methyl isocynate (the Bhopal effect) on a sleeping city, or a nuclear power plant to go supercritical, releasing tens of billions of curies of radioactive death into the atmosphere?
During NATO's 1999 "liberation" of the narco-state Kosovo from the former Yugoslavia, American warplanes dropped what was described as a graphite "blackout bomb," the BLU-114/B "soft bomb" on Belgrade and other Serbian cities during its war of aggression. As the World Socialist Web Sitereported at the time,
A particularly dangerous consequence of the long-term power blackout is the damage to the water systems in many Yugoslav cities, which are dependent on pumping stations run by electrical power. Novi Sad, a city of 300,000 which is the capital of the Vojvodina province of Serbia, has been without running water for eight days, according to residents. Families have been compelled to get water from the Danube river to wash and operate the toilet, and a handful of wells to provide drinking water.
Sewage treatment plants have also been shut down, with the result that raw, untreated sewage has begun to flow into the network of rivers that feed into the Danube, central Europe's most important waterway. (Marty McLaughlin, "Wall Street celebrates stepped-up bombing of Serbia," World Socialist Web Site, May 5, 1999)
With technological advances courtesy of DARPA's National Cyber Range and their "private-sector partners," the potential for utterly devastating societies ripe for resource extraction by American corporatist war criminals will increase exponentially. As Wiredreported,
Comparisons between nuclear and cyberweapons might seem strained, but there's at least one commonality. Scholars exploring the ethics of wielding logic bombs, Trojan horses, worms and bots in wartime often find themselves treading on ground tilled by an earlier generation of Cold War nuclear gamesmen.
"There are lots of unknowns with a cyberattack," says Neil Rowe, a professor at the Center for Information Security Research at the U.S. Naval Postgraduate School, who rejects cyberattacks as a legitimate tool of war. "The potential for collateral damage is worse than nuclear technology.... With cyber, it can spread through the civilian infrastructure and affect far more civilians." (Marty Graham, "Welcome to Cyberwar Country, USA," Wired, February 11, 2008)
Initiatives such as the National Cyber Range are fully theorized as one facet of "network-centric warfare," the Rumsfeldian "Revolution in Military Affairs." Durham University geographer Stephen Graham describes the Pentagon notion that dominance can be achieved through "increasingly omnipotent surveillance and 'situational awareness', devastating and precisely-targeted aerial firepower, and the suppression and degradation of the communications and fighting ability of any opposing forces."
Indeed, these are integrated approaches that draw from corporate management theory to create "continuous, always-on support for military operations in urban terrain," an imperialist battlespace where Wal-Mart seamlessly morphs into The Terminator.
According to Aviation Week, the device currently being field tested will "capture expert knowledge but keep humans in the loop." As a battlefield weapon, simplicity and ease of operation is the key to successfully deploying this monstrous suite of tools. And Pentagon "experts" are designing a console that will "quantify results so that the operator can put a number against a choice," "enhance execution by creating a tool for the nonexpert that puts material together and keeps track of it" and finally, "create great visuals so missions can be executed more intuitively."
A touch-screen dashboard beneath the network schematic display looks like the sound mixing console at a recording studio. The left side lists cyberattack mission attributes such as speed, covertness, attribution and collateral damage. Next to each attribute is the image of a sliding lever on a long scale. These can be moved, for example, to increase the speed of attack or decrease collateral damage. (Aviation Week, op. cit.)
A tunable device for increased destructive capabilities; what are these if not a prescription for mass murder on a post-industrial scale?
Additionally, DARPA sorcerers are combining "digital tools that even an inexperienced operator can bring into play. In the unclassified arena there are algorithms dubbed Mad WiFi, Air Crack and Beach. For classified work, industry developers also have a toolbox of proprietary cyberexploitation algorithms."
What has been dubbed "Air Crack" deploys "open source tools to crack the encryption key for a wireless network." Cryptoattacks on the other hand, "use more sophisticated techniques to cut through the password hash."
One means to "penetrate" an adversary's protective cyber locks is referred to as a "de-authorization capability." According to Aviation Week, the attack operator "can kick all the nodes off a network temporarily so that the attack system can watch them reconnect. This provides information needed to quickly penetrate the network." As The Registerreported in January when the ink on the DARPA contracts had barely dried,
Thus the planned Cyber Range must be able to simulate not just large computer networks teeming with nodes, but also the people operating and using these interlocked networks. These software sim-people--users, sysadmins, innocent network bystanders and passers-by--are referred to in the Range plans as "replicants". It seems clear that they won't know that they are merely simulated pawns in a virtual network wargame designed to test the efficiency of America's new cyber arsenal. They will merely have to live in a terrible Groundhog Day electronic armageddon, where the weapons and players change but destruction and suffering remain eternal. (Lewis Page, "Deals inked on DARPA's Matrix cyber VR," The Register, January 5, 2009)
Rance Walleston, the head of BAE's cyber warfare division told Aviation Week in late 2008, "We want to change cyber attack from an art to a science." And as The Register averred, the Pentagon's "simulated cyber warzone" should be up and running next year, "ready to pass under the harrow of BAE's new electronic pestilences, digital megabombs and tailored computer plagues."
Is it any wonder then, that the Russian revolutionary Lenin wrote nearly a century ago that "the civilized nations have driven themselves into the position of barbarians"?
WASHINGTON — The Pentagon plans to create a new military command for cyberspace, administration officials said Thursday, stepping up preparations by the armed forces to conduct both offensive and defensive computer warfare.
The military command would complement a civilian effort to be announced by President Obama on Friday that would overhaul the way the United States safeguards its computer networks.
Mr. Obama, officials said, will announce the creation of a White House office — reporting to both the National Security Council and the National Economic Council — that will coordinate a multibillion-dollar effort to restrict access to government computers and protect systems that run the stock exchanges, clear global banking transactions and manage the air traffic control system.
White House officials say Mr. Obama has not yet been formally presented with the Pentagon plan. They said he would not discuss it Friday when he announced the creation of a White House office responsible for coordinating private-sector and government defenses against the thousands of cyberattacks mounted against the United States — largely by hackers but sometimes by foreign governments — every day.
But he is expected to sign a classified order in coming weeks that will create the military cybercommand, officials said. It is a recognition that the United States already has a growing number of computer weapons in its arsenal and must prepare strategies for their use — as a deterrent or alongside conventional weapons — in a wide variety of possible future conflicts.
The White House office will be run by a “cyberczar,” but because the position will not have direct access to the president, some experts said it was not high-level enough to end a series of bureaucratic wars that have broken out as billions of dollars have suddenly been allocated to protect against the computer threats.
The main dispute has been over whether the Pentagon or the National Security Agency should take the lead in preparing for and fighting cyberbattles. Under one proposal still being debated, parts of the N.S.A. would be integrated into the military command so they could operate jointly.
Officials said that in addition to the unclassified strategy paper to be released by Mr. Obama on Friday, a classified set of presidential directives is expected to lay out the military’s new responsibilities and how it coordinates its mission with that of the N.S.A., where most of the expertise on digital warfare resides today.
The decision to create a cybercommand is a major step beyond the actions taken by the Bush administration, which authorized several computer-based attacks but never resolved the question of how the government would prepare for a new era of warfare fought over digital networks.
It is still unclear whether the military’s new command or the N.S.A. — or both — will actually conduct this new kind of offensive cyberoperations.
The White House has never said whether Mr. Obama embraces the idea that the United States should use cyberweapons, and the public announcement on Friday is expected to focus solely on defensive steps and the government’s acknowledgment that it needs to be better organized to face the threat from foes attacking military, government and commercial online systems.
Defense Secretary Robert M. Gates has pushed for the Pentagon to become better organized to address the security threat.
Initially at least, the new command would focus on organizing the various components and capabilities now scattered across the four armed services.
Officials declined to describe potential offensive operations, but said they now viewed cyberspace as comparable to more traditional battlefields.
“We are not comfortable discussing the question of offensive cyberoperations, but we consider cyberspace a war-fighting domain,“ said Bryan Whitman, a Pentagon spokesman. “We need to be able to operate within that domain just like on any battlefield, which includes protecting our freedom of movement and preserving our capability to perform in that environment.”
Although Pentagon civilian officials and military officers said the new command was expected to initially be a subordinate headquarters under the military’s Strategic Command, which controls nuclear operations as well as cyberdefenses, it could eventually become an independent command.
“No decision has been made,” said Lt. Col. Eric Butterbaugh, a Pentagon spokesman. “Just as the White House has completed its 60-day review of cyberspace policy, likewise, we are looking at how the department can best organize itself to fill our role in implementing the administration’s cyberpolicy.”
The creation of the cyberczar’s office inside the White House appears to be part of a significant expansion of the role of the national security apparatus there. A separate group overseeing domestic security, created by President George W. Bush after the Sept. 11 attacks, now resides within the National Security Council. A senior White House official responsible for countering the proliferation of nuclear and unconventional weapons has been given broader authority. Now, cybersecurity will also rank as one of the key threats that Mr. Obama is seeking to coordinate from the White House.
The strategy review Mr. Obama will discuss on Friday was completed weeks ago, but delayed because of continuing arguments over the authority of the White House office, and the budgets for the entire effort.
It was kept separate from the military debate over whether the Pentagon or the N.S.A. is best equipped to engage in offensive operations. Part of that debate hinges on the question of how much control should be given to American spy agencies, since they are prohibited from acting on American soil.
“It’s the domestic spying problem writ large,” one senior intelligence official said recently. “These attacks start in other countries, but they know no borders. So how do you fight them if you can’t act both inside and outside the United States?”
(John Markoff contributed reporting from San Francisco)
MELBOURNE, Fla. — The government’s urgent push into cyberwarfare has set off a rush among the biggest military companies for billions of dollars in new defense contracts.
The exotic nature of the work, coupled with the deep recession, is enabling the companies to attract top young talent that once would have gone to Silicon Valley. And the race to develop weapons that defend against, or initiate, computer attacks has given rise to thousands of “hacker soldiers” within the Pentagon who can blend the new capabilities into the nation’s war planning.
Nearly all of the largest military companies — including Northrop Grumman, General Dynamics, Lockheed Martin and Raytheon — have major cyber contracts with the military and intelligence agencies.
The companies have been moving quickly to lock up the relatively small number of experts with the training and creativity to block the attacks and design countermeasures. They have been buying smaller firms, financing academic research and running advertisements for “cyberninjas” at a time when other industries are shedding workers.
The changes are manifesting themselves in highly classified laboratories, where computer geeks in their 20s like to joke that they are hackers with security clearances.
At a Raytheon facility here south of the Kennedy Space Center, a hub of innovation in an earlier era, rock music blares and empty cans of Mountain Dew pile up as engineers create tools to protect the Pentagon’s computers and crack into the networks of countries that could become adversaries. Prizes like cappuccino machines and stacks of cash spur them on, and a gong heralds each major breakthrough.
The young engineers represent the new face of a war that President Obama described Friday as “one of the most serious economic and national security challenges we face as a nation.” The president said he would appoint a senior White House official to oversee the nation’s cybersecurity strategies.
Computer experts say the government is behind the curve in sealing off its networks from threats that are growing more persistent and sophisticated, with thousands of intrusions each day from organized criminals and legions of hackers for nations including Russia and China.
“Everybody’s attacking everybody,” said Scott Chase, a 30-year-old computer engineer who helps run the Raytheon unit here.
Mr. Chase, who wears his hair in a ponytail, and Terry Gillette, a 53-year-old former rocket engineer, ran SI Government Solutions before selling the company to Raytheon last year as the boom in the military’s cyberoperations accelerated.
The operation — tucked into several unmarked buildings behind an insurance office and a dentist’s office — is doing some of the most cutting-edge work, both in identifying weaknesses in Pentagon networks and in creating weapons for potential attacks.
Daniel D. Allen, who oversees work on intelligence systems for Northrop Grumman, estimated that federal spending on computer security now totals $10 billion each year, including classified programs. That is just a fraction of the government’s spending on weapons systems. But industry officials expect it to rise rapidly.
The military contractors are now in the enviable position of turning what they learned out of necessity — protecting the sensitive Pentagon data that sits on their own computers — into a lucrative business that could replace some of the revenue lost from cancellations of conventional weapons systems.
Executives at Lockheed Martin, which has long been the government’s largest information-technology contractor, also see the demand for greater computer security spreading to energy and health care agencies and the rest of the nation’s critical infrastructure. But for now, most companies remain focused on the national-security arena, where the hottest efforts involve anticipating how an enemy might attack and developing the resources to strike back.
Though even the existence of research on cyberweapons was once highly classified, the Air Force plans this year to award the first publicly announced contract for developing tools to break into enemy computers. The companies are also teaming up to build a National Cyber Range, a model of the Internet for testing advanced techniques.
Military experts said Northrop Grumman and General Dynamics, which have long been major players in the Pentagon’s security efforts, are leading the push into offensive cyberwarfare, along with the Raytheon unit. This involves finding vulnerabilities in other countries’ computer systems and developing software tools to exploit them, either to steal sensitive information or disable the networks.
Mr. Chase and Mr. Gillette said the Raytheon unit, which has about 100 employees, grew out of a company they started with friends at Florida Institute of Technology that concentrated on helping software makers find flaws in their own products. Over the last several years, their focus shifted to the military and intelligence agencies, which wanted to use their analytic tools to detect vulnerabilities and intrusions previously unnoticed.
Like other contractors, the Raytheon teams set up “honey pots,” the equivalent of sting operations, to lure hackers into digital cul-de-sacs that mimic Pentagon Web sites. They then capture the attackers’ codes and create defenses for them.
And since most of the world’s computers run on the Windows or the Linux systems, their work has also provided a growing window into how to attack foreign networks in any cyberwar.
“It takes a nonconformist to excel at what we do,” said Mr. Gillette, a tanned surfing aficionado who looks like a 1950s hipster in his T-shirts with rolled-up sleeves.
The company, which would allow interviews with other employees only on the condition that their last names not be used because of security concerns, hired one of its top young workers, Dustin, after he won two major hacking contests and dropped out of college. “I always approach it like a game, and it’s been fun,” said Dustin, now 22.
Another engineer, known as Jolly, joined Raytheon in April after earning a master’s degree in computer security at DePaul University in Chicago. “You think defense contractors, and you think bureaucracy, and not necessarily a lot of interesting and challenging projects,” he said.
The Pentagon’s interest in cyberwarfare has reached “religious intensity,” said Daniel T. Kuehl, a military historian at the National Defense University. And the changes carry through to soldiers being trained to defend and attack computer and wireless networks out on the battlefield.
That shift can be seen in the remaking of organizations like the Association of Old Crows, a professional group that includes contractors and military personnel.
The Old Crows have deep roots in what has long been known as electronic warfare — the use of radar and radio technologies for jamming and deception.
But the financing for electronic warfare had slowed recently, prompting the Old Crows to set up a broader information-operations branch last year and establish a new trade journal to focus on cyberwarfare.
The career of Joel Harding, the director of the group’s Information Operations Institute, exemplifies the increasing role that computing and the Internet are playing in the military.
A 20-year veteran of military intelligence, Mr. Harding shifted in 1996 into one of the earliest commands that studied government-sponsored computer hacker programs. After leaving the military, he took a job as an analyst at SAIC, a large contractor developing computer applications for military and intelligence agencies.
Mr. Harding estimates that there are now 3,000 to 5,000 information operations specialists in the military and 50,000 to 70,000 soldiers involved in general computer operations. Adding specialists in electronic warfare, deception and other areas could bring the total number of information operations personnel to as many as 88,700, he said.
printable version
PDF version
